Basic Motherboard/NIC Question

I'm really new to building networks so these questions are really basic. I hope you guys don't mind. I had pfSense running on an old machine with several PCI NICs because I thought I needed all of them in order to connect all of my devices. It died a few months ago and I want to do a rebuild that is less power hungry. I saw a video on Youtube of a guy that made a pfSense box using an Intel DQ77KB and just the onboard dual NICs.

The part I suspect that is tripping you up is the fact that most home routers (Linksys, Netgear, etc.) have 1 WAN port plus 4-8 LAN ports on the back, correct? If so, what those actually have is a single, internal LAN port with a switch behind it which gives you multiple ports to work with.

What you really want is a network switch. Make sure you get one that is Gigabit. For reasons I don't understand, it's still possible to buy 10/100 gear…

Jason - You're right. I thought I needed to have a port for each device so I bought 4 NICs for my last build.

As far as allowing some devices to access the Internet and restricting others, is that where VLANs comes in?

Also, if there are any good books I can use to learn more, definitely let me know.

VLANs for access control could be used, but it's not strictly necessary, and it could be detrimental to your performance if those VLANs need to talk to each other.

So if I have a media server that I would like all devices in the network to be able to access but that I do not want to allow directly on the Internet, is it best to use some other method of access control?

Putting your media server on a separate interface, a separate NIC or VLAN, is the most secure way sure. However if you just want to stop it accessing the internet you can do that with firewall rules and a static DHCP lease or static IP.

Also when you say 'on the internet' do you mean able to connect to the internet or do you mean is accessible from the internet? Nothing on your LAN is accessible from the internet unless you have specifically added rules to allow it.

Putting your media server on a separate interface, a separate NIC or VLAN, is the most secure way sure. However if you just want to stop it accessing the internet you can do that with firewall rules and a static DHCP lease or static IP.

Also when you say 'on the internet' do you mean able to connect to the internet or do you mean is accessible from the internet? Nothing on your LAN is accessible from the internet unless you have specifically added rules to allow it.

Steve

Thanks, Steve. I just want to make sure that it is not accessible from the Internet so it sounds like pfSense will have the covered by default.